08-07-2019 09:34 AM
Hello, maybe it's something simple, but I can't find a way to do the following: I need to add users to my Cisco switches, but ask them to change the password when they log in for the first time. So far what I have been able to do is create them, but with a password defined by me, and I want each user to personalize it. Thank you.
08-07-2019 12:26 PM
You require external authentication with RADIUS/TACACS, which integrates with AD/LDAP, for the same.
08-07-2019 12:38 PM
Hi there,
As you have discovered, this feature is not available; certainly the local user datastore is not that sophisticated.
On a side note, creating multiple local user accounts on multiple switches across your estate is not a scalable or manageable solution.
You should look at creating a central user store and have the switches configured for AAA and query it.
FreeRADIUS is a great product and can be configured to consult the local /etc/passwd database. You could configure all your network admins with shell access to the server and then expire their passwords. The next time they SSH onto the server they will have to enter a new password.
# adduser foo
# passwd -e foo
This new password would then be used to authenticate the user on all configured switches giving you the desired result.
http://wiki.freeradius.org/vendor/Cisco
cheers,
Seb.
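
An added example, not part of the reply above: `passwd -e` records a last-change day of 0 in the account's shadow entry, so the server can be audited for admins who have not yet set their own password. The function names and sample entries are constructed for illustration, and the sketch assumes local passwords are stored in shadow(5) format.

```shell
#!/bin/sh
# Added example: classify accounts from shadow(5)-format lines.
# Field 2 = password hash, field 3 = day of last change
# (0 means the user must change the password at next login).

# shadow_status: read shadow-format lines on stdin, print "user status".
shadow_status() {
    awk -F: '
        /^[ \t]*(#|$)/     { next }                      # comments, blank lines
        NF < 3             { print $1, "malformed"; next }
        $2 ~ /^[!*]/       { print $1, "locked"; next }  # no usable password
        $3 == ""           { print $1, "no-aging-data"; next }
        $3 !~ /^[0-9]+$/   { print $1, "malformed"; next }
        $3 + 0 == 0        { print $1, "must-change"; next }
                           { print $1, "changed" }
    '
}

# pending_users: only the names still waiting for their first password change.
pending_users() {
    shadow_status | awk '$2 == "must-change" { print $1 }'
}

# Constructed sample data (hashes are placeholders, not real).
sample_shadow() {
    cat <<'EOF'
# constructed sample, shadow(5) layout
foo:$6$CONSTRUCTED$placeholderhash:0:0:99999:7:::
bar:$6$CONSTRUCTED$placeholderhash:18115:0:99999:7:::
svc:!:18000:0:99999:7:::
old:$6$CONSTRUCTED$placeholderhash::0:99999:7:::
EOF
}

# Run with --demo to classify the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_shadow | shadow_status
fi
```

On the server itself the same check is `pending_users < /etc/shadow`, run as root after sourcing the functions.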